|
|
|
Consortium to Target Web App Security
By: Dennis Fisher
2004-02-18
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Founding members of the new group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc.As part of an effort to crystallize the thinking and product-development around the nascent area of Web application security, a group of vendors will announce next week the formation of a new consortium meant to help define and promote standards concerning application security.
Founding members of the group include Application Security Inc., KaVaDo Inc., Sanctum Inc., SPI Dynamics Inc. and WhiteHat Security Inc. Known as the Web Application Security Consortium, the group will make its debut at the RSA Conference in San Francisco.
The groups initial goal is to create a classification system for application security vulnerabilities, attacks and other threats. Many of the attacks that are used against Web applications are quite complex and much of the terminology is outside of the realm of most security specialists expertise. The group hopes to simplify the explanation of things such as cross-site scripting that have become prevalent in recent years.
"Application security itself is very confusing. A lot of developers dont know exactly how these applications are threatened, which is why the applications are still woefully insecure," said Jeremiah Grossamn, CEO of WhiteHat, based in Santa Clara, Calif. "The Web security area is so new, no one knows how to address all the issues."
Cross said the group is approximately 80 percent finished with the classification system, and hopes to have it completed by late March or early April.
Another major focus of the consortiums efforts will be the establishment of industry best practices in several areas, particularly secure coding. Until very recently, most software developers received almost no instruction in college on secure coding practices, and as a result, had no concept of what it took to write a secure application. That state of affairs is changing, as more developers get security training as part of their educations, but there is little agreement among experts on what qualifies as secure coding.
The new consortium hopes to change that by developing guidelines for secure software development. The group also will look at establishing best practices for independent security reviews.
|
|
�������xrȲ0{�1P|kܽ.�l62t{ĉ TBbI^bq^<ɬ*� gL۠*eUfefeeee@ggOD.\ݴ1ܦdw���轿K$��}��L�UQV C3W/(�bPg�34mzN@B��}@^cfw��D%x�_'Щ�ѩ�wɄZIP�Qߕ>}^qlv��.hrLIA#T��9i�?xi @I�R(#Ѻ�C(D=�ߵ-m:
\'|w*Un�Sp{ca_ʞ0�ɾz5E�hDԸ#|xB�gώɀYǝ�F�
{.Qu^?C2]�hj:TN`Uƞfn�=Ka��z��1rz�-
G&lw��D�ƞ4HC�d!�LJ^`:tm3��GΠڮ�ST�H֢fFԲ;g�uGgbGMҳ�G(&�$g��v?ĭQ Ig%K�a�S K���?-�Gq�p\.* پ�t�syHf��.j.s"U-����wS'��>�dRr�-2^�ʲn�Mw�3a[mѡlطGZ.�h5E9*U+�^r_�ӽm˙?X8N�_{�JE4E9.W���~�`h-vAr�y]J��E}ruuqN�6nx��vy/ȯ;YHM~gDr V*4D>��-ā�WP��;5=(G~o[��J�i%�٥vd$Y3)2���,� �[SҺ췮۽�NΏۭ3d̲1<�jUӀ�*�~�Jw3B~�V�7g7�7MuisCV=BCj`Bӹc�iuuUo~=�1?o!aj; d�Pp9LwZ| �?vO_Zd�[W/' MDO_��0omYn]�H!)T|Y|ěE30�i���2)�>ML9�X@/@שS W4���X�liBu��V�!`J� 0{n�'@k��F�PY��D`6�R\� 9lb蚏)6B̄H )7'M
XR�U��>hI"A[T]ϧˊdoF"���23~�B(��pHq�b���NE1\a>pY<8�vwެ.�Uմ-~龂KsqnUOVЂ)W�C���EhYf7-vI��QM}sQV�b1x2ܯ�Ëʁ��b�(7ZdL��,��5,ϘR7HAQg�tA`::)~ѧ#|>5և$!|Бd��mxq=Z.s+ЍE��Xn`vt�&ha㻣^h1[W <{� C
0ԟ��FAтMz>t�T�;�]|�2��Zw�9ܻ-L&w��z�
�JC�ˋ�F0���P6=�x���Be^~�}�¢��1O�[>ȁ=�`Mtև
&��QsnPB�f�x?ɜ+)
��Tt�7v�rg�NP/h|WY� �3EDVhdF!Z!
= v(�Vf;NrBeOS,�H@fmdz?;�Oq)2Sf�$�),4�tOݡ~�@�r4YV�kCZfv/:A']�օV�P˥=o�@xC� X{K��}͙0p�ŗZ"�rB`}.�E�6G�h�?40��;H�v;p�=F�5}n�&�V�UK�Oӟ@�xz#kZYSꑦ�Tj}�sf8�,� �J;
H璉IJ6*3XSĝ�yд\�"қyGn&zS|tf:��s?&نdpg�pJa e�-֓BSkbg`m1J��1f&6X#˦>oُYIAʫeU�fd~=�VJIUc?&i?怚H|A��2ex�L,`_#|ʠ::7�I�Ҝ!Ir����M1
gziD��,Za�*
#�ؚyewP~?69�r]ilu�0q`(1Z3:uV*˦��T+j�pzۻ(�Sܧ&�;alâ˘c_/-��#���1$6/P+��`�А��BrIa TU��S//��' 7]@�.�&D��~Ê?DNQcG=.C+DÜU^oV��w.$jTUcrxɡUT\=W*qvJ.wq�)4�� �l2{/Ne֛/Pz;�ܮ[KG~g^Ol^�L�cv"O`��)'o@|�V?�>]Ik0cҧ8P�ĺU0�5ESUG�+[+^>�F����]h��!.��־ �X@�P AA�aiϖ�_Z�rO�-x�z29�S"��,rm?Qeg?"Q�e�voqe(D�kp�?F]S؇Qgm/R=TʞO"�9KAG�^320"C�;�wF\!vʬi1fo�|렄6R)#Y�LZ[uɣo�ᄻ,p{S+)~��XD4W��atx/ V$8У4�H>שgQ�M8
/��j�h_���tUM+'P}2�YhSYpg#HٚIuYs�|,On?�A�F\o U�<@�ng,�YEn;&}+琩gs�C/���ɹ%w��A2@X'V-(7ϙ40p�2^=uK6,~p�TfO� 4D|�\D"p-n�ōap�zGdD"9zB*>�^\7a9H�n[JYTJ`uրDZ9~�9HǞ1}]�ܙe>t1Տ'�8*�z)c��ʜ�P@hOXM\ 278$SmvLTSdT�RZ|~Z/\f8�+:ʑ��f�DU5}�5O�?>�n�ȵ#^�$}=բ,._Kӛ&#UiZe%^ͳiIɂ]A�ӀM\r8O��Ll�'P`�R(S&�L]8�TV<^��ۋ�953ק~@Lf@�=�P3�&t]4/3��y*1�a2N$[G*knIG:��a��F*ݔ[Y`'\$T+IjYt�>80xnX N��zW�8pL\'�M=J��5���
�qΟݚ�wr�`>xIa6�J}M�VJ�H2M�3��Wj�jy��eѓr ]N6.�_Tj
vQ�*�s>P�9�k۷BlpH75��SXp|
^_H�X�XD�>DQkF\{e"��nxR*f�3�111u/x۹�~jۣ�%����b�n
|+ ���C7&�{��Cal8)e�w~�u�;?ܴO燤me_:kv�_�t �?�v���9o?��{<{R��Y�Ծ~~<ڝ�?�pȾYM$(��X���4q!s'^>yzھ ]w�Y?�`�y�B�n�8I{��eKJ:^��9"�!5/�.�Yz�F�]9h5óO�M1��Bk3d4) �3`X#�ǎFMT�()�i3�\/D]s>֒\zF_kɾj,r9Aϐa�Q&� ۯcg#s�~e�YLoH2�u�y{do&=)ǣA���3g䢅q+ћN}ۨ+=h�[d_?I+I㆟��y�cP/!Oh�SϏ$٘NB�ERTUulko(r�YpJeOV
;ѡhd�,�#c,n�V��(f^�#zi116g�nR;-�z#�t@�{~}I�.�~(TR�n
.bO뻬,J骇\v�%��(�|MT-/^\RK>]_ϫ���@" bY_��IKwvzY2YX�xlS֛=12�~�O O=p�ԲفǶ�X�
�*4h�g
azS`[ʅ=R3�a
d<�Jփ�6˶˷Fp7�N
Ϧf_ O��%�FJ--^`mZ،�9!/�(�;a�*|�b��\<�e� W_M7⎍zkQ�$g�N7V�_O7�\PG-��P�"1tâA8wNb,vi�"s!��_�60[�� �b! mM��̤@-(�rF*6|p4uYDZx?���Z?;ۊ2C-&:Ϊbb {4D`;nVj1_C�y%W�ޮ8�Wsf�"�UXPQ�oCZI- /)#�#Brc`�.w,h"ǔiNj婚R{M,94 [�L<5���_��FQ_mP��8sq
Rye
L"ZUʉ�xQ(4,h;��@mFLy}�%$���~{�zӝ�PܘI֤�x F@]��DC�Mx�ͯĜ-;j3e� f?ԗN&��IR�rwF�g4jUK#�Q�#�\{0L<�B"��BH"7BD��{{�$M�?�!%6ƾi�vW�6ޠI*i)�ҞVbr0�[6k
��RU
Hge#�;��Xڰt�TjuNfz#xGGJ&N�:�$ln���B�=�ٞ
ʦlXz)�Q�-[J/_�`6[]CҪjy?O
CṀ�C�=�zi8ogcjO||"|#A�ؖ=R0RMqS��ڦ��τbč�'�8��N�T/A IDi<'|Y~qX�=׃0I]IgT�0k�,�NY�@�j���B����@-v�(js\�݊iHmә�/0B�z0Fpɨ�ddL�3�FwA~zqs�PApQ�搴G8$3��}-�z)BD\�:[qMYRJRݔk/5��PE�6c���c$J�/�aAcV�ZW�,ḳ�'�wqwwwwwnJ;7c}>H7g3�,Lg���QT.⬉cl�'�v;Fˆ�^,tNgs~{����aP�m'�L@/HIMe:,��ߏ~%���x$G�<�yE�A�99_i�_DI/Өx�r3�x;ɛԅq����
�gK3@�"^ ?M]B�jdm8f/LKl�9Ot >mb�}�V.9�4/i!��Bx|�'�>�S�|(ףx�5^�Ԇ|5
Ej9c<)_.9Tx��tPZL}�C3æEeb,p*/�öW�R1Dq�R.־5n�yd��һRnE+A)��ꤖRV�iRC?淍q
��"A$H�"a�bx/Bv4kAi?Bg!1ߝVߝVߝVߝV߸Ӫ�UB%,u\?Ȟc�ݖ;Āi�wjz6xL|!k!n�$!��aU?�Mi�ak�۾n�3`D�I#�=22L��t�/d�_fx�臘oncJ�KK�l�UE;,#cMo-'9�
�7�W�h,3Qjd�}mXƺ�``���Iz R�oCv�Ļ3@ut��KE"X�U ,90"��O!HH�^=eX.��c
;[щz&;TEN]_ҽ@|x�D^!�7'sLN+jdi^ǐi�Kl\[�-=��B-���#�·'כ�)Mk~mYG(�
ւ�J ߐd6Fk�5mKYc��5h53]Pa iI p�;o,/tkx/�;v�V�
]F�ÿb��ş
y;qzsW�Vk3wrCηD%R|76 ƿ2]'5O�si`nq�Ӻf&�/�:ff5�#�Ng&af6.Zx�M_
o�&)zl�j�V���(O=~g3�@VE~[�1+ztѥtKoJY!VC}_?4�֝6t>Am�@ɼ#�d�_fȾ�$8�Ǧpt�QqD痀/�-$�Xz�O"qC,�K)`�Iv�|wouv1�A�p\|��g|O,/Em/Pg�V-N�/*`ad=IFF��KGq"�!Z�p6P]?�z�Uc~b~^z�j�c"�8
<"eZ|����
1.Nd-£E���POo|֊�[N�iΞCm�!f11\Rk�r\.he,zVdq2&�/ #z{<s�K��3�@$"�?_J }#ײ�oD�Ax#nO5�D�30]La3obD+ )�m2Ļeŧ1UiL(Z�nsL!F"S�O L5&�H!Yiv'
.'��qU�ov;Wp+TyjۣVw!kb��^:ҁ�>+qܒ:|�mm��,��Q:co�I XPpÃ��MI٫TTD~�N����̋X/LKt4*%:���m;A=~
uDLRO����w\�ND�_��_!߰�,VI�m{7�R[�EꊍBD��Q��"B�p�7Z7Gf\nz�~uC��@�;G}m!��l�y;QF�?� 8C�L�~��AN�x�l��0W)^~�
�� [z>�`uh�c>zS?�!e��A�1HSvB~k[7�/{ʁR0F$u2��C:���Z�7�hyIED#Thb��GB#M=/�nrj&[ք ᑰ
�5"���0t��II!5�Q�"xYјװ�Þ�1;Y{ɳ]�5]{QX�m_11Fiŷ^(�l�;b21#bH��H8ʿ�IS*NiC�3
"P�F:�
�Ƃ![C P/1MF�·:�Zs;%̔���,�,r{j"O-c8tv�'+ˬNCjw`�`>�\��u
l9�:W�eO�g�>{0u�s�
3��RC´vx�)\7& .ycI�� 8�^yN4xP,7,Ȍulb����@�h),f,�ԪR�&uM��!2,��=Vr<�>+hAuU�'n VH+�^@0^��3�:%��_�Ч�6#&Dwn�WyuuuI]Zwrݾ귻uѽL֊�_n՝闓e}/4,�fbv>L5m^+LJrfdeA.�S�r?�sm.4�"GȁW.�}QX\�m�Y(o/PJTٌ/!j�bTթ4MW?fVz
^O˧V\k!h?gg:^Z3fOmLi7Q`1D�*'M&�ϴJ8���SD^u'V�n�"#)�)&pj3�ݜr~v)കS~�'g@�|OP)]hۧF4��gڗ9vN?
/P%�_ٮ���;y�v>�t�N��N�v?;92zg(S~�9wS�{3 ?9s w3~]7]?��/W�W9q�_
s?=��__PO_r3+�>�9~7P~W�{ÿ7MN779$)g�f5pv�8\h�K�"*S^9,.r��|
#r�ӚܴO趈v��<2+Օ�Ɗ |3/߆z�H'<+;
|�4;x]�xZLԸ2GpoQ^"
#�"5 $�Vjf�:taO��vHy1j~h|Z/O�Uq4
5%pN!3J8?0�
fZ���gaFq`�F]S[t�=o�.6�"Θ+=́a[�@R'|(U5m_oR-W+�w俓k$2�����G�b�3jJ]N�m*Ay
0�X\����^9�Q(Fuo*K0njE�=q̐g�a��1Vo1�BDO" ѱ�Y;f]dWe",d�'�æȗጝWv,��ā`
�pTB�Pcgq�
=s]
�YI��4nܹ?|�mF��6.eа!7ao/XbKl[F0�
�|N=�35<>%�Ͷ�
cT��F\�gȌa)x�DטK:[S1U)ւ�_6/gз�d��.�X&"�>m��?'6}Nu;H' �"@"drt�Pŗ-;ױ)�
Mm+#8�4B�>ܼlQ%�62<>c�iЄΧ^p멎T��U|��J��A1^<�&[z>Ku!A]�=_�vs[>/'R`-��/#]^$:+$~Il=fu�-W�rcd+�{f�:PEX�l+!R�+�K�ei$Vi��qS`�huq#b
��}�u+e!.��1�:3�OTXg�{*.v�ed
�
�Ѩ )*l+����o߉n﹨me�#�!+�I;s�_@U ���=[=�܋;ξ��N|L/�ؙ9uV��Rd�GB^#L�n3m�^^kti�(fѰ0�L;,lyE�G%��RrACb
0F �c:e�brYMzS
cJ\g'�ۂ�~�Ӎ+G�S<"Y4.'"�H=8�d+KWܵ1tl�#�"|f`*�H�AyH>A@�`�V\3z7Z�35nBO\�3L��&j1Bi>e1�}af�rY�W`0-��k��A�k�Le�U��|tCGYEL`&;]+�N*$t&vж?8�هl*~��&T/��l{+�нTnxFK-^8Q�>�/"@�LNENE<<�Sf}')VSL_Xџ�_<|:T+���ƕy�@Xqө8Yo\.)Z��ByֽKgN!�$gꎾ�V�;~v��?;m a�%
ѨT\��ߴ�+O��,�mݸ͓�.OHђ�uק4��!ջj/?$+e=;`ol��s�g�dv�=,Mӝo3a-d4džIkck��j�U&��
|
Network Security & Hardware 
